This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-joomla25-13.0-wheezy-amd64-vmdk.zip.sig gpg: Signature made Wed Oct 16 08:48:24 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 0b34741d213e41642c5cfd3ec3d872df1d400133 * md5sum eb19ae6933e99690f672f050788fccf9 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXlLPAAoJEIXCXpWhbrlNb8UIAJqjPS7rsVvqCZbDjMMqxzOh gbJa+XrzwLrbcm3t5DCIHrJIagZOrF7iOZos82pakxuStTizO7CAYtfew9gLguzs T9tnsOVPNCR+2avW9AyyoQ+8IIhaHJqVfwdeI2m3h8Xxbyf40gtxIRtbiDxUyW5B x3kG24lZphegaWUgt1G4OSz66M1LfPK9Hff1OFir97pBiUG8kaoqban0o7CVDqfz 7LmOb5RUgX4hQavr7xf/hKw93FfnDRjzqB/uMk1+jzKW9XzHge2/G3f+yQLHQ4VW nxujlc2A53FJFTrUhndHJJ6LtehUF5WnA06IkHNh9UrxwB8uDcQa0H3BPEx+8c8= =LYOp -----END PGP SIGNATURE-----